ASA Grok Failure ASA-4-113019

pankaj · May 11, 2020, 10:05am

I am trying to parse and index the cisco asa logs for particular syslog messages . The grok debuger showing the code okay but I dont see the logs indexed in elasticsearch

Regards
Pankaj

pankaj · May 11, 2020, 10:12am

Here is my code .

=================code============================================================
#If CiscoTag is ASA-4-113019 -
if [type] == "cisco-fw" and [ciscotag] == "ASA-4-113019" {
grok {
match => ["cisco_message", "Group = %{GREEDYDATA:group}, Username =%{GREEDYDATA:user}, IP = %{IP:src_ip}, (?%{WORD} %{WORD}). Session Type: %{GREEDYDATA:type}, Duration: %{GREEDYDAT
A:duration}, Bytes xmt: %{GREEDYDATA:xmtbytes}, Bytes rcv: %{GREEDYDATA:rcvbytes}, Reason: %{GREEDYDATA:reason}"]
}
}

Topic		Replies	Views
Cisco ASA and logstash problem Logstash	6	1334	November 2, 2018
Cisco asa - grok failure probably Logstash	9	3444	September 3, 2018
Logstash 2.0.0 and Cisco ASA syslog Logstash	5	4463	July 6, 2017
Logstash Cisco ASA logs "grokparsefailure" in logs tag Logstash	1	379	February 24, 2022
Cisco ASA Patterns in Logstash 1.5.1 Logstash	10	8841	July 6, 2017

ASA Grok Failure ASA-4-113019

Related topics